This is a cryptographically signed message in MIME format.
--------------ms010606090903000904060909
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
(Re-added Cc: openldap-its@openldap.org)
Emmanuel L=C3=A9charny wrote:
> Le 4/5/12 1:55 PM, Michael Str=C3=B6der a =C3=A9crit :
>> elecharny@apache.org wrote:
>>> When trying to inject more than one value into the olcAuditlogFile AT=
, we get
>>> the following error :
>>>
>>> LDAP: error code 18 - modify/add: olcAuditlogFile: no equality matchi=
ng rule
>> How did the modification list look like in your modify request?
>>
>> This LDAP error code is typically returned if you try to add or remove=
>> specific value(s) to an existing multi-valued attribute which does not=
have an
>> equality matching rule defined for it. In this case the server is not =
capable
>> to check whether the value exists or not.
> The olcAuditlogFile does have a Syntax (DirectoryString) thus an equali=
ty MR.
No it does not have an equality matching rule. And the diagnosticMessage
returned by the server is pretty clear on that. Look at the subschema.
> The error is really not associated with the value we are trying to inje=
ct :
It is because...
> Second value :
> #!RESULT ERROR
> #!CONNECTION ldap://10.211.55.4:10389
> #!DATE 2012-04-05T11:32:50.776
> #!ERROR [LDAP: error code 18 - modify/add: olcAuditlogFile: no equality=
> matching rule]
> dn: olcOverlay=3D{0}auditlog,olcDatabase=3D{1}bdb,cn=3Dconfig
> changetype: modify
> add: olcAuditlogFile
> olcAuditlogFile: /ldap/file2.log
> -
=2E..with such a modify request the server wants to check whether the new=
value
'/ldap/file2.log' is already present in the attribute value set. An equal=
ity
matching rule has to be defined for the attribute type to make this work.=
>> =3D> Your client should never do that if it's meant to be generally u=
sable.
> Really, it seems to be something the server is not handling correctly.
Nope.
>> Safest approach is to send a MOD_DEL without value and MOD_ADD with al=
l values.
> That would be totally overkilling if you have thousands of values in yo=
ur AT.
It's the only valid approach in case there's no equality matching rule de=
fined
for the attribute type.
> Plus that forces the client to first fetch the values from the server, =
to
> compute locally the differences
Yes.
> (what if the value we try to add is already
> present ?),
It depends... ;-)
> which means we have a way to do the comparison locally, which
> means we have some knowledge about the MR locally.
Yes.
In practice it turned out to be sufficient to compare the byte buffers. :=
-)
And that's why my web2ldap looks for equality matching rule definition in=
the
schema and generates different attribute value diffs accordingly. Tested =
with
many different LDAP servers...
Ciao, Michael.
--------------ms010606090903000904060909
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFOzCC
BTcwggMfoAMCAQICAwl4kDANBgkqhkiG9w0BAQUFADB5MRAwDgYDVQQKEwdSb290IENBMR4w
HAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmlu
ZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xMDEx
MTcxNTQzMzFaFw0xMjExMTYxNTQzMzFaMD8xGDAWBgNVBAMUD01pY2hhZWwgU3Ry9mRlcjEj
MCEGCSqGSIb3DQEJARYUbWljaGFlbEBzdHJvZWRlci5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDo2SKth5GhtaDrCyfGtyUG+/hAAa/J52L0NFN4SSRvTtdGf9HfWwwd
NCtgae0TVGWk2lKDbXA9d5vmyIiRhuwxd90H6FLErhRBeB9G67qtw87E8WUoXt2DwPQEUTWV
hqHpPadlmgFw3+i3TGQQTe3O3W9MMMd4GJNhObem2VGRuCD37OXnzBksTcq0FPJgcWAhe3d/
0ItOkNWBqgq8Mf3p7WFBhaQ0a27BC/mKtH8fI3kPcS305imPRja69Msq3EwUZBc9ToVp6FRQ
NYKjfOBybDUzVkmRZl3H8xutQP2w8Zxb8m5f7Q1BfLLrIFScfYvIDgOERxTCd4lab8+/09XH
AgMBAAGjggEAMIH9MAwGA1UdEwEB/wQCMAAwVgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3Vy
IG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBoZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNl
cnQub3JnMEAGA1UdJQQ5MDcGCCsGAQUFBwMEBggrBgEFBQcDAgYKKwYBBAGCNwoDBAYKKwYB
BAGCNwoDAwYJYIZIAYb4QgQBMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDov
L29jc3AuY2FjZXJ0Lm9yZzAfBgNVHREEGDAWgRRtaWNoYWVsQHN0cm9lZGVyLmNvbTANBgkq
hkiG9w0BAQUFAAOCAgEANPf/aLF41eQlvN5dEg3CFnlN//qQK7+EPIXLnHprNWLb4nBwgdPj
/E+qa1umT7px4Py3VS0UTKqLmMdWftwid8MOMHWalZwrfx0Z8U3He+EdJhOSnn9vdd/ug7Xd
dI/hRjLaBSq9ZhCczEUgL6vTxCYPlIoHF56y/oxSJw59vRBjvRFKXvpBZWseeRkcGACQduNH
SNdWC1IqHAbQlgOS9VWQUYlm//BdaLkezRxqnQp5+KJMAcZzHpdNJ3G4SqCJ02Z3n4kk8IKZ
AjgiWxisDFNsfXKDb9Ng5ntnnH2ouxrgPoNnW445tgkz50VKHstylx9s5O3G7uUTtg0J+z63
TA8xbN6kzRx7RgAUkEXhl6WEdW+3EVj5tYY38Uy8vleP+gYZfphKEmQJgIQqy9D2+gesbolT
QdWYgbUYY2AHJOshskMW7pahYnFX2pZmn/ayaPc+JFJlCEqO0+DcYQjYuv6sntQgZGkok7yZ
R4xMbyCp61pTrfGWOufZs/FiScJZg1IWY5qb4URH4VZZjLNMR2pFMRuE4LvgkkMRasbUv7Yv
n3Lzv34lTfJKUqYW6nx//L2NS4rN63o0taPwRygnuBK4kp7EYEcwtLeanJhQoIu4b6If9rwy
D7CFAp51wIewV9VtZ1Is0irNBcMVyhJogIcuIn+VWY1ff1RxySD/djMxggOUMIIDkAIBATCB
gDB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcx
IjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1
cHBvcnRAY2FjZXJ0Lm9yZwIDCXiQMAkGBSsOAwIaBQCgggHoMBgGCSqGSIb3DQEJAzELBgkq
hkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDQwNTEyMTYwNVowIwYJKoZIhvcNAQkEMRYE
FM+iAFFRy97LDfUOWFNxFPhbfyYoMF8GCSqGSIb3DQEJDzFSMFAwCwYJYIZIAWUDBAECMAoG
CCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggq
hkiG9w0DAgIBKDCBkQYJKwYBBAGCNxAEMYGDMIGAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAc
BgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5n
IEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnAgMJeJAwgZMG
CyqGSIb3DQEJEAILMYGDoIGAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6
Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEh
MB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnAgMJeJAwDQYJKoZIhvcNAQEBBQAE
ggEAuMqNcfc7oloFkZwyG6NM8IbEbOenwM9VV9eeNGRgcz3RdhUBt47RCErfi5y8Kae0yI1L
9PMksGezPPCZbtKoTbknMRRrigzpVBRjiKF8MLWF0ny0VzUj8j2uljQWy7xTHE+5yx0e61P7
airHwIQS8u63y50kvg3PT6POJB0TyRQqvZ8UUFBK6JEqXkY7DVrS9VxS6SelbOuJUtiNKkRD
AkEbrE5ug8rTafR+onCa1gNlUNHLomc+0zLKb+8VRr4etfVOyLDhdYLPhJ/u5qePh3PHpX8B
i3/I2bRD72ktlZYL48mwFKEma7LrUPf9Ky0EVYLCk9FR8/w4kCvxEOfmPQAAAAAAAA==
--------------ms010606090903000904060909--